GitLab

The internal BIND keymgr tries to initialize legacy keys (keys without a state file). If no state file is present it is going to assume the keys in use are actively being used for signing (so setting everything to rumoured or omnipresent, depending on the time).

Initializing the state files currently does not look at the Inactive and Delete time. So I agree that we can add logic such that when the Inactive time has passed set the key goal to hidden and ds/krrsig/zrrsig to unretentive, and when the Delete time has passed set the everything to hidden.